defaults ecr to immutable

turnerlabs · Sep 3, 2019 · f3698af · f3698af
1 parent 9c4248e
commit f3698af
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 2 deletions.
diff --git a/base/README.md b/base/README.md
@@ -40,7 +40,8 @@ $ terraform apply
 |------|-------------|:----:|:-----:|:-----:|
 | app | Name of the application. This value should usually match the application tag below. | string |  | yes |
 | aws_profile | The AWS profile to use, this would be the same value used in AWS_PROFILE. | string |  | yes |
-| region | The AWS region to use for the bucket and registry; typically `us-east-1`. Other possible values: `us-east-2`, `us-west-1`, or `us-west-2`. <br>Currently, Fargate is only available in `us-east-1`. | string | `us-east-1` | yes |
+| image_tag_mutability | The tag mutability setting for the repository. | string | IMMUTABLE |  |
+| region | The AWS region to use for the bucket and registry; typically `us-east-1`. Other possible values: `us-east-2`, `us-west-1`, or `us-west-2`. <br>Currently, Fargate is only available in `us-east-1`. | string | `us-east-1` |  |
 | saml_role | The role that will have access to the S3 bucket, this should be a role that all members of the team have access to. | string |  | yes |
 | tags | A map of the tags to apply to various resources. The required tags are: <br>+ `application`, name of the app <br>+ `environment`, the environment being created <br>+ `team`, team responsible for the application <br>+ `contact-email`, contact email for the _team_ <br>+ `customer`, who the application was create for | map | `<map>` | yes |
 

diff --git a/base/ecr.tf b/base/ecr.tf
@@ -4,9 +4,17 @@
  * https://aws.amazon.com/ecr/
  */
 
+# The tag mutability setting for the repository (defaults to IMMUTABLE)
+variable "image_tag_mutability" {
+  type        = string
+  default     = "IMMUTABLE"
+  description = "The tag mutability setting for the repository (defaults to IMMUTABLE)"
+}
+
 # create an ECR repo at the app/image level
 resource "aws_ecr_repository" "app" {
-  name = var.app
+  name                 = var.app
+  image_tag_mutability = var.image_tag_mutability
 }
 
 data "aws_caller_identity" "current" {

diff --git a/base/main.tf b/base/main.tf
@@ -13,6 +13,7 @@ terraform {
 # Using the AWS Provider
 # https://www.terraform.io/docs/providers/
 provider "aws" {
+  version = ">= 2.23.0"
   region  = var.region
   profile = var.aws_profile
 }